Letter to the editor
Following is a response to an FCW.com poll question that asked: "Do you think federal IT workers should be required to earn a systems security certification?"
The need for certification of technicians.
As director of information systems for an international police organization, with close affiliations to U.S. law enforcement, I would like to present a view from the perspective of international cooperation.
The business of Interpol lies in the exchange of criminal information among countries and the provision of mutual cooperation on criminal matters. This requires a level of trust in the systems that we offer to member countries.
I support the main premise of some of your readers: that the most important requirement is to provide access to good training on security matters. But, as a service provider providing services globally from central France, it is important that our members/clients have confidence in the technologies we use and in the people who operate them.
To this extent, it can be useful, even reassuring, for clients to know that some of the technicians with whom they interact have attained "certification," for instance in specific virtual private network technologies or on Microsoft Corp. products used in our architecture. This is only useful if the certificates are kept up to date, so the need to balance cost vs. benefit is always at the forefront.
Peter Nevitt Director, Information Systems International Criminal Police Organization-Interpol